Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-F7B4D2B720253CCF1E62FCC4E0EFE57A

HistorySep 19, 2024 - 12:00 a.m.

Dragonfly2 has hard coded cyptographic key

2024-09-1900:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

dragonfly2

cryptographic key

jwt

security issue

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.054

Percentile

93.3%

JSON

Hello dragonfly maintainer team, I would like to report a security issue concerning your JWT feature.

Affected configurations

Vulners

Node

gov2Range<2.1.0-beta.1

VendorProductVersionCPE
gov2*cpe:2.3:a:go:v2:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
go	v2	*	cpe:2.3:a:go:v2::::::::

References

github.com/advisories/GHSA-hpc8-7wpm-889w

github.com/dragonflyoss/Dragonfly2

github.com/dragonflyoss/Dragonfly2/commit/e9da69dc4048bf2a18a671be94616d85e3429433

github.com/dragonflyoss/Dragonfly2/releases/tag/v2.0.9

github.com/dragonflyoss/Dragonfly2/security/advisories/GHSA-hpc8-7wpm-889w

nvd.nist.gov/vuln/detail/CVE-2023-27584

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.054

Percentile

93.3%

JSON

Related for GITLAB-F7B4D2B720253CCF1E62FCC4E0EFE57A